1/ Read this if you are confused how the recent BIP143 bug allows attackers to steal your #Bitcoin. The attack is very real and not just for miners. Everyday users should be very careful and upgrade their HWW firmware when available. 👇
Attacker needs ability to see all or some of your UTXOs and modify PSBT data (or similar) sent to HWW.
1. You want to move 10BTC to an exchange
2. You have 2 UTXOs of 6 (utxo_1) and 4.0001 (utxo_2) selected by your PC full node
...
3. Attacker sees you have utxo_3 of 9BTC.
4. He replaces utxo_2 with utxo_3 but does not change the amount in the PSBT
5. HWW asks you to sign. Outputs and fee look fine so u click ok
6. HWW generates sigs for utxo_1 and utxo_3
7. If broadcast to network tx would be invalid
8. utxo_1 sig is good, but utxo_3 sig is bad. So at this point no harm done
9. But your tx failed so you try again
10. Now attacker modifies PSBT so that utxo_3 is 9btc (valid) but changes utxo_1 value to 1.0001 (lie)
11. HWW shown output addr, amount, fee show normally
12. You sign but again tx is broadcast and is still invalid because utxo_1 sig is bad this time
13. But now attacker can take the good utxo_1 sig from first pass and add the good utxo_3 sig from second pass to make a new signed tx of 9+6 BTC with output of 10 so fee of 5BTC!
Attack can be repeated until successful cause user does know anything is wrong other than once a month some txs fail
Scary!